AMENDMENTS TO THE CLAIMS

This listing of claims will replace all prior versions, and listings of claims in the 
application: 

LISTING OF CLAIMS 

1. (Currently Amended) A method for controlling subscriber access in a network capable of 
establishing connections with a plurality of domains, comprising: 

receiving, at an access server coupled to a first communication network and a second
communication network, a communication from a subscriber on said first 
communication network, said communication optionally including a domain identifier 
associated with a domain on said second communication network; and 

authorizing subscriber access to said domain on said second communication network upon
determining, in response to said receiving, that said domain identifier is included in a
list of authorized domains associated with [[for]] a virtual circuit through which [[used to
receive]] said communication is received[[, said authorizing responsive to said receiving]].

2. (Original) The method of claim 1, further comprising terminating said communication when 
said domain identifier is not included in said list. 

3. (Original) The method of claim 1 wherein said communication comprises a Point-to-Point 
Protocol (PPP) session. 



4. (Original) The method of claim 3 wherein
said PPP session comprises a tunneling session;
said determining further comprises assigning a tunnel ID; and
said PPP session is forwarded onto a tunnel associated with said tunnel ID when said
subscriber is authorized to access said domain.

5. (Original) The method of claim 4 wherein said tunneling session comprises an L2TP 
session. 



6. (Currently Amended) A method for controlling subscriber access in a network capable of
establishing connections with a plurality of domains, comprising:

receiving, at an access server coupled to a first communication network and a second 
communication network, a communication from a subscriber on said first 
communication network, said communication optionally including a domain identifier 
associated with a domain on said second communication network; 

authorizing subscriber access to said domain on said second communication network upon 
determining, in response to said receiving, that said domain identifier is included in a 
list of authorized domains associated with a virtual circuit through which said 
communication is received; and 

terminating said communication when said domain identifier is not included in said list, 
wherein: 

said communication comprises a Point-to-Point Protocol (PPP) session; 

said PPP session comprises a tunneling session; 

said determining further comprises assigning a tunnel ID;

said PPP session is forwarded onto a tunnel associated with said tunnel ID when said
subscriber is authorized to access said domain;

said tunneling session comprises an L2TP session; and [[The method of claim 5 wherein]]
said determining further comprises: 

issuing an authorized domain list request including a virtual circuit identifier; 
receiving an authorized domain list that includes authorized domains for said 
identifier; 

indicating said domain is unauthorized when said domain name is not in said domain
list;

indicating said domain is authorized when said domain name is in said domain list;
issuing a tunnel ID request including said domain name when said domain name is
authorized; and
receiving a tunnel ID. 

7. (Original) The method of claim 6 wherein 

said authorized domain list request is serviced by an AAA server; and 
an AAA server services said tunnel ID request. 

8. (Original) The method of claim 6 wherein said virtual circuit identifier comprises a
VPI/VCI identifier.

9. (Original) The method of claim 5 wherein said determining further comprises: 

issuing a tunnel ID request including said domain name and a virtual circuit identifier; and
receiving a tunnel ID.

10. (Original) The method of claim 9 wherein an AAA server services said tunnel ID request.

11. (Original) The method of claim 9 wherein said virtual circuit identifier comprises a
VPI/VCI identifier.

12. (Currently Amended) A method for controlling subscriber access in a network capable of 
establishing connections with a plurality of domains, comprising: 

receiving, at an access server coupled to a first communication network and a second 
communication network, a communication from a subscriber on said first
communication network, said communication optionally including a domain identifier 
associated with a domain on said second communication network; 

authorizing subscriber access to said domain on said second communication network upon 
determining, in response to said receiving, that said domain identifier is included in a 
list of authorized domains associated with a virtual circuit through which said 
communication is received; and

terminating said communication when said domain identifier is not included in said list, 
wherein: 

said communication comprises a Point-to-Point Protocol (PPP) session;

said PPP session comprises a tunneling session; 

said determining further comprises assigning a tunnel ID;

said PPP session is forwarded onto a tunnel associated with said tunnel ID when said
subscriber is authorized to access said domain;

said tunneling session comprises an L2TP session; and [[The method of claim 5 wherein]]
said determining further comprises: 

performing a table lookup based on a virtual circuit identifier to obtain an authorized
domain list that includes authorized domains for said virtual circuit identifier;
indicating said domain is unauthorized when said domain name is not in said
authorized domain list;
indicating said domain is authorized when said domain name is in said authorized 
domain list; and 

performing a table lookup based on said domain name to obtain a tunnel ID when said 
domain name is authorized. 

13. (Original) The method of claim 12 wherein said virtual circuit identifier comprises a
VPI/VCI identifier.

14. (Currently Amended) A program storage device readable by a machine, embodying a 
program of instructions executable by the machine to perform a method to control subscriber 
access in a network capable of establishing connections with a plurality of domains, the
method comprising: 

receiving, at an access server coupled to a first communication network and a second 
communication network, a communication from a subscriber on said first
communication network, said communication optionally including a domain identifier
associated with a domain on said second communication network; and

authorizing subscriber access to said domain on said second communication network upon
determining, in response to said receiving, that said domain identifier is included in a
list of authorized domains associated with [[for]] a virtual circuit through which [[used to
receive]] said communication is received[[, said authorizing responsive to said receiving]].

15. (Original) The program storage device of claim 14, further comprising terminating said 
communication when said domain identifier is not included in said list. 

16. (Original) The program storage device of claim 14 wherein said communication comprises a 
Point-to-Point Protocol (PPP) session. 

17. (Original) The program storage device of claim 16 wherein 
said PPP session comprises a tunneling session; 

said determining further comprises assigning a tunnel ID; and 
said PPP session is forwarded onto a tunnel associated with said tunnel ID when said 
subscriber is authorized to access said domain. 

18. (Original) The program storage device of claim 17 wherein said tunneling session comprises 
an L2TP session.

19. (Currently Amended) A program storage device readable by a machine, embodying a
program of instructions executable by the machine to perform a method to control subscriber
access in a network capable of establishing connection with a plurality of domains, the
method comprising:

receiving, at an access server coupled to a first communication network and a second
communication network, a communication from a subscriber on said first
communication network, said communication optionally including a domain identifier
associated with a domain on said second communication network;

authorizing subscriber access to said domain on said second communication network upon
determining, in response to said receiving, that said domain identifier is included in a
list of authorized domains associated with a virtual circuit through which said
communication is received; and
terminating said communication when said domain identifier is not included in said list, 
wherein: 

said communication comprises a Point-to-Point Protocol (PPP) session; 

said PPP session comprises a tunneling session;

said determining further comprises assigning a tunnel ID;

said PPP session is forwarded onto a tunnel associated with said tunnel ID when said
subscriber is authorized to access said domain;

said tunneling session comprises an L2TP session; and [[The program storage device of claim
18 wherein]]
said determining further comprises: 

issuing an authorized domain list request including a virtual circuit identifier;
receiving an authorized domain list that includes authorized domains for said
identifier;

indicating said domain is unauthorized when said domain name is not in said domain
list;

indicating said domain is authorized when said domain name is in said domain list;
issuing a tunnel ID request including said domain name when said domain name
is authorized; and
receiving a tunnel ID.

20. (Original) The program storage device of claim 19 wherein 

said authorized domain list request is serviced by an AAA server; and 
an AAA server services said tunnel ID request. 

21. (Original) The program storage device of claim 19 wherein said virtual circuit identifier
comprises a VPI/VCI identifier.



22. (Original) The program storage device of claim 18 wherein said determining further 
comprises: 

issuing a tunnel ID request including said domain name and a virtual circuit identifier; and 
receiving a tunnel ID. 

23. (Original) The program storage device of claim 22 wherein an AAA server services said
tunnel ID request.

24. (Original) The program storage device of claim 22 wherein said virtual circuit identifier
comprises a VPI/VCI identifier.

25. (Currently Amended) A program storage device readable by a machine, embodying a 
program of instructions executable by the machine to perform a method to control subscriber 
access in a network capable of establishing connection with a plurality of domains, the 
method comprising: 

receiving, at an access server coupled to a first communication network and a second 
communication network, a communication from a subscriber on said first 
communication network, said communication optionally including a domain identifier 
associated with a domain on said second communication network; 

authorizing subscriber access to said domain on said second communication network upon 
determining, in response to said receiving, that said domain identifier is included in a 
list of authorized domains associated with a virtual circuit through which said 
communication is received; and 

terminating said communication when said domain identifier is not included in said list, 
wherein: 

said communication comprises a Point-to-Point Protocol (PPP) session; 

said PPP session comprises a tunneling session; 

said determining further comprises assigning a tunnel ID;

said PPP session is forwarded onto a tunnel associated with said tunnel ID when said
subscriber is authorized to access said domain;

said tunneling session comprises an L2TP session; and [[The program storage device of claim
18 wherein]]
said determining further comprises:

performing a table lookup based on a virtual circuit identifier to obtain an
authorized domain list that includes authorized domains for said virtual circuit
identifier;

indicating said domain is unauthorized when said domain name is not in said
authorized domain list;
indicating said domain is authorized when said domain name is in said authorized 
domain list; and 

performing a table lookup based on said domain name to obtain a tunnel ID when 
said domain name is authorized. 

26. (Original) The program storage device of claim 25 wherein said virtual circuit identifier
comprises a VPI/VCI identifier.

27. (Currently Amended) An apparatus for controlling subscriber access in a network capable of
establishing connections with a plurality of domains, the apparatus comprising:

means for receiving, at an access server coupled to a first communication network and a 
second communication network, a communication from a subscriber on said first 
communication network, said communication optionally including a domain identifier 
associated with a domain on said second communication network; and

means for authorizing subscriber access to said domain on said second communication
network upon determining, in response to said receiving, that said domain identifier is
included in a list of authorized domains associated with [[for]] a virtual circuit through
which [[used to receive]] said communication is received[[, said authorizing responsive to
said receiving]].

28. (Original) The apparatus of claim 27, further comprising means for terminating said 
communication when said domain identifier is not included in said list. 

29. (Original) The apparatus of claim 27 wherein said communication comprises a Point-to- 
Point Protocol (PPP) session. 

30. (Original) The apparatus of claim 29 wherein 
said PPP session comprises a tunneling session; 

said determining further comprises means for assigning a tunnel ID; and 
said PPP session is forwarded onto a tunnel associated with said tunnel ID when said 
subscriber is authorized to access said domain. 

31. (Original) The apparatus of claim 30 wherein said tunneling session comprises an L2TP
session. 

32. (Currently Amended) An apparatus for controlling subscriber access in a network capable of 
establishing connections with a plurality of domains, the apparatus comprising:

means for receiving, at an access server coupled to a first communication network and a
second communication network, a communication from a subscriber on said first 
communication network, said communication optionally including a domain identifier 
associated with a domain on said second communication network; 

means for authorizing subscriber access to said domain on said second communication 
network upon determining, in response to said receiving, that said domain identifier is 
included in a list of authorized domains associated with a virtual circuit through which 
said communication is received; and 

means for terminating said communication when said domain identifier is not included in
said list, 

wherein: 

said communication comprises a Point-to-Point Protocol (PPP) session; 

said PPP session comprises a tunneling session; 

said determining further comprises assigning a tunnel ID;

said PPP session is forwarded onto a tunnel associated with said tunnel ID when said
subscriber is authorized to access said domain;

said tunneling session comprises an L2TP session; and [[The apparatus of claim 31 wherein]]
said determining further comprises:

means for issuing an authorized domain list request including a virtual circuit 
identifier; 

means for receiving an authorized domain list that includes authorized domains for 
said identifier;

means for indicating said domain is unauthorized when said domain name is not in said
domain list; 

means for indicating said domain is authorized when said domain name is in said 
domain list; 

means for issuing a tunnel ID request including said domain name when said domain 
name is authorized; and 
means for receiving a tunnel ID. 

33. (Original) The apparatus of claim 32 wherein 

said authorized domain list request is serviced by an AAA server; and 
an AAA server services said tunnel ID request. 

34. (Original) The apparatus of claim 32 wherein said virtual circuit identifier comprises a
VPI/VCI identifier.

35. (Original) The apparatus of claim 31 wherein said determining further comprises:
means for issuing a tunnel ID request including said domain name and a virtual circuit
identifier; and
means for receiving a tunnel ID.

36. (Original) The apparatus of claim 35 wherein an AAA server services said tunnel ID 
request.

37. (Original) The apparatus of claim 35 wherein said virtual circuit identifier comprises a
VPI/VCI identifier.

38. (Currently Amended) An apparatus for controlling subscriber access in a network capable of 
establishing connections with a plurality of domains, the apparatus comprising: 

means for receiving, at an access server coupled to a first communication network and a 
second communication network, a communication from a subscriber on said first
communication network, said communication optionally including a domain identifier 
associated with a domain on said second communication network; 

means for authorizing subscriber access to said domain on said second communication 
network upon determining, in response to said receiving, that said domain identifier is 
included in a list of authorized domains associated with a virtual circuit through which 
said communication is received; and 

means for terminating said communication when said domain identifier is not included in 
said list,

wherein: 

said communication comprises a Point-to-Point Protocol (PPP) session; 

said PPP session comprises a tunneling session; 

said determining further comprises assigning a tunnel ID;

said PPP session is forwarded onto a tunnel associated with said tunnel ID when said
subscriber is authorized to access said domain;

said tunneling session comprises an L2TP session; and [[The apparatus of claim 31 wherein]]
said determining further comprises:

means for performing a table lookup based on a virtual circuit identifier to obtain an
authorized domain list that includes authorized domains for said virtual circuit
identifier;

means for indicating said domain is unauthorized when said domain name is not in said 
authorized domain list; 

means for indicating said domain is authorized when said domain name is in said 
authorized domain list; and 

means for performing a table lookup based on said domain name to obtain a tunnel ID 
when said domain name is authorized. 

39. (Original) The apparatus of claim 38 wherein said virtual circuit identifier comprises a
VPI/VCI identifier.

40. (Currently Amended) An access server capable of forcing subscribers of a communications 
system to gain access exclusively to a domain network associated with a virtual circuit, said 
access server comprising: 

an authorized domain list request generator capable of generating an authorized domain list
request including a virtual circuit identifier associated with a virtual circuit through
which [[used to accept]] a PPP session authentication request is accepted, said PPP session
authentication request including a domain identifier;

an assessor capable of determining whether said domain identifier is in an authorized [[said]]
domain list associated with said virtual circuit;

a tunnel ID request generator capable of generating a tunnel ID request including said
domain identifier; and

an authorizer capable of granting users domain access based upon said authorized domain 
list. 

41. (Original) The access server of claim 40, further comprising:

a first receiving interface capable of accepting said PPP session authentication request;
a first forwarding interface capable of sending said authorized domain list request to an
AAA server;

a second receiving interface capable of accepting a requested authorized domain list; a
second forwarding interface capable of sending said tunnel ID request to an AAA
server;

a third receiving interface capable of accepting a requested tunnel ID; and 
a third forwarding interface capable of forwarding said PPP session on a tunneling session 
associated with said tunnel ID. 

42. (Original) The access server of claim 40 wherein said tunneling session comprises an L2TP 
session. 

43. (Original) The access server of claim 42 wherein said virtual circuit identifier comprises a 
Virtual Path Identifier (VPI) / Virtual Channel Identifier (VCI).

44. (Original) The access server of claim 43 wherein said first receiving interface comprises at
least one access multiplexer, each access multiplexer having a plurality of inputs for
receiving a service request, each of said inputs being associated with a particular subscriber 
virtual circuit. 

45. (Original) The access server of claim 41 wherein said AAA server and said access server 
communicate using the Remote Authorization Dial-In User Service (RADIUS) protocol. 

46. (Currently Amended) An access server capable of forcing subscribers of a communications 
system to gain access exclusively to a domain network associated with a virtual circuit, said 
access server comprising: 

a tunnel ID request generator capable of generating a tunnel ID request, said tunnel ID
request including a virtual circuit identifier associated with a virtual circuit through
which [[used to accept]] a PPP authentication request is accepted; and

an authorizer capable of granting users domain access based upon a list of authorized
domains associated with [[for]] said virtual circuit.

47. (Original) The access server of claim 46, further comprising: 

a first receiving interface capable of accepting said PPP session authentication request, said
PPP session authentication request including a domain identifier;
a first forwarding interface capable of sending said tunnel ID request to an AAA server; 
a second receiving interface capable of accepting a requested tunnel ID; and 



CISCO-3096 
(032590-000118) 

a second forwarding interface capable of forwarding said PPP session on a tunneling session 
associated with said tunnel ID.

48. (Original) The access server of claim 47 wherein said tunneling session comprises an L2TP 
session. 

49. (Original) The access server of claim 48 wherein said virtual circuit identifier comprises a 
Virtual Path Identifier (VPI) / Virtual Channel Identifier (VCI). 

50. (Original) The access server of claim 46 wherein said first receiving interface comprises at 
least one access multiplexer, each access multiplexer having a plurality of inputs for 
receiving a service request, each of said inputs being associated with a particular subscriber 
virtual circuit. 

51. (Original) The access server of claim 47 wherein said AAA server and said access server
communicate using the Remote Authorization Dial-In User Service (RADIUS) protocol. 

52. (Original) An access server capable of forcing subscribers of a communications system to 
gain access exclusively to a domain network associated with a virtual circuit, said access 
server comprising: 

a memory device capable of storing a domain list table and a tunnel ID table, said domain 
list table including a plurality of virtual circuit identifiers and associated domain
identifiers, said tunnel ID table including a plurality of domain names and associated
tunnel IDs;

an authorized domain list determiner capable of determining an authorized domain list based 
upon said domain list table and a domain identifier within a PPP authentication request, 
said PPP authentication request received on a virtual circuit having a virtual circuit 
identifier; 

an assessor capable of determining whether said domain identifier is in said domain list;
a tunnel ID determiner capable of determining a tunnel ID based upon said tunnel ID table
and said domain identifier; and
an authorizer capable of granting subscribers domain access based upon said authorized
domain list.

53. (Previously Presented) The access server of claim 52, further comprising: 

a receiving interface capable of accepting said PPP session authentication request; and 
a forwarding interface capable of forwarding said PPP session on a tunneling session 
associated with said tunnel ID. 

54. (Original) The access server of claim 53 wherein said tunneling session comprises an L2TP 
session. 

55. (Original) The access server of claim 54 wherein said virtual circuit identifier comprises a 
Virtual Path Identifier (VPI) / Virtual Channel Identifier (VCI).

56. (Original) The access server of claim 52 wherein said first receiving interface comprises at
least one access multiplexer, each access multiplexer having a plurality of inputs for 
receiving a service request, each of said inputs being associated with a particular subscriber 
virtual circuit. 

57. (Previously Presented) A method for controlling subscriber access in a network capable of 
establishing connections with a plurality of domains, comprising:

receiving an L2TP session from a subscriber using a first communication network coupled to
at least one other communication network, said L2TP session optionally including a 
domain identifier associated with a domain on said at least one other communication 
network; 

determining whether said subscriber is authorized to access said domain based upon said 
domain identifier and a list of authorized domains for a virtual circuit used to receive 
said L2TP session, said determining comprising: 

issuing an authorized domain list request including a virtual circuit identifier; 
receiving an authorized domain list that includes authorized domains for said identifier; 
indicating said domain is unauthorized when said domain name is not in said domain
list;

indicating said domain is authorized when said domain name is in said domain list;
issuing a tunnel ID request including said domain name when said domain name is
authorized;
receiving a tunnel ID; and
assigning said tunnel ID; and

authorizing subscriber access to said domain when said domain identifier is included in said
list, wherein said L2TP session is forwarded onto a tunnel associated with said tunnel
ID when said subscriber is authorized to access said domain.

58. (Previously Presented) The method of claim 57 wherein 

said authorized domain list request is serviced by an AAA server; and 
an AAA server services said tunnel ID request. 

59. (Previously Presented) The method of claim 57 wherein said virtual circuit identifier
comprises a VPI/VCI identifier.

60. (Previously Presented) A method for controlling subscriber access in a network capable of 
establishing connections with a plurality of domains, comprising: 

receiving an L2TP session from a subscriber using a first communication network coupled to
at least one other communication network, said L2TP session optionally including a 
domain identifier associated with a domain on said at least one other communication 
network; 

determining whether said subscriber is authorized to access said domain based upon said 
domain identifier and a list of authorized domains for a virtual circuit used to receive 
said L2TP session, said determining comprising: 

performing a table lookup based on a virtual circuit identifier to obtain an authorized 
domain list that includes authorized domains for said virtual circuit identifier;

indicating said domain is unauthorized when said domain name is not in said authorized
domain list;

indicating said domain is authorized when said domain name is in said authorized
domain list;

performing a table lookup based on said domain name to obtain a tunnel ID when said
domain name is authorized; and

assigning said tunnel ID; and

authorizing subscriber access to said domain when said domain identifier is included in said
list, wherein said L2TP session is forwarded onto a tunnel associated with said tunnel
ID when said subscriber is authorized to access said domain.

61. (Previously Presented) The method of claim 60 wherein said virtual circuit identifier
comprises a VPI/VCI identifier.

62. (Previously Presented) A program storage device readable by a machine, embodying a 
program of instructions executable by the machine to perform a method to control subscriber 
access in a network capable of establishing connections with a plurality of domains, the 
method comprising: 

receiving an L2TP session from a subscriber using a first communication network coupled to
at least one other communication network, said L2TP session optionally including a 
domain identifier associated with a domain on said at least one other communication 
network; 

determining whether said subscriber is authorized to access said domain based upon said 
domain identifier and a list of authorized domains for a virtual circuit used to receive 
said L2TP session, said determining comprising: 

issuing an authorized domain list request including a virtual circuit identifier;
receiving an authorized domain list that includes authorized domains for said identifier;
indicating said domain is unauthorized when said domain name is not in said domain
list;

indicating said domain is authorized when said domain name is in said domain list;
issuing a tunnel ID request including said domain name when said domain name is
authorized;
receiving a tunnel ID; and
assigning said tunnel ID; and
authorizing subscriber access to said domain when said domain identifier is included in said 
list, wherein said L2TP session is forwarded onto a tunnel associated with said tunnel 
ID when said subscriber is authorized to access said domain. 

63. (Previously Presented) The program storage device of claim 62 wherein 
said authorized domain list request is serviced by an AAA server; and 
an AAA server services said tunnel ID request. 

64. (Previously Presented) The program storage device of claim 62 wherein said virtual circuit
identifier comprises a VPI/VCI identifier.

65. (Previously Presented) A program storage device readable by a machine, embodying a 
program of instructions executable by the machine to perform a method to control subscriber 
access in a network capable of establishing connections with a plurality of domains, the
method comprising:

receiving an L2TP session from a subscriber using a first communication network coupled to
at least one other communication network, said L2TP session optionally including a 
domain identifier associated with a domain on said at least one other communication 
network; 

determining whether said subscriber is authorized to access said domain based upon said 
domain identifier and a list of authorized domains for a virtual circuit used to receive 
said L2TP session, said determining comprising: 

performing a table lookup based on a virtual circuit identifier to obtain an authorized 
domain list that includes authorized domains for said virtual circuit identifier;

indicating said domain is unauthorized when said domain name is not in said authorized 
domain list; 

indicating said domain is authorized when said domain name is in said authorized 
domain list;

performing a table lookup based on said domain name to obtain a tunnel ID when said
domain name is authorized; and

assigning said tunnel ID; and 
authorizing subscriber access to said domain when said domain identifier is included in said 
list, wherein said L2TP session is forwarded onto a tunnel associated with said tunnel
ID when said subscriber is authorized to access said domain.

66. (Previously Presented) The program storage device of claim 65 wherein said virtual circuit
identifier comprises a VPI/VCI identifier.

67. (Previously Presented) An apparatus for controlling subscriber access in a network capable
of establishing connections with a plurality of domains, comprising: 

means for receiving an L2TP session from a subscriber using a first communication network 
coupled to at least one other communication network, said L2TP session optionally 
including a domain identifier associated with a domain on said at least one other 
communication network; 

means for determining whether said subscriber is authorized to access said domain based 
upon said domain identifier and a list of authorized domains for a virtual circuit used to 
receive said L2TP session, said means for determining comprising: 
means for issuing an authorized domain list request including a virtual circuit identifier; 
means for receiving an authorized domain list that includes authorized domains for said 
identifier; 

means for indicating said domain is unauthorized when said domain name is not in said 
domain list; 

means for indicating said domain is authorized when said domain name is in said 
domain list;

means for issuing a tunnel ID request including said domain name when said domain
name is authorized;
means for receiving a tunnel ID; and 
means for assigning said tunnel ID; and 
means for authorizing subscriber access to said domain when said domain identifier is 
included in said list, wherein said L2TP session is forwarded onto a tunnel associated 
with said tunnel ID when said subscriber is authorized to access said domain.

68. (Previously Presented) The apparatus of claim 67 wherein

said authorized domain list request is serviced by an AAA server; and 
an AAA server services said tunnel ID request. 

69. (Previously Presented) The apparatus of claim 67 wherein said virtual circuit identifier 
comprises a VPI/VCI identifier.

70. (Previously Presented) An apparatus for controlling subscriber access in a network capable 
of establishing connections with a plurality of domains, comprising:

means for receiving an L2TP session from a subscriber using a first communication network 
coupled to at least one other communication network, said L2TP session optionally 
including a domain identifier associated with a domain on said at least one other 
communication network; 

means for determining whether said subscriber is authorized to access said domain based 
upon said domain identifier and a list of authorized domains for a virtual circuit used to 
receive said L2TP session, said means for determining comprising: 
means for performing a table lookup based on a virtual circuit identifier to obtain an 
authorized domain list that includes authorized domains for said virtual circuit
identifier; 

means for indicating said domain is unauthorized when said domain name is not in said
authorized domain list;
means for indicating said domain is authorized when said domain name is in said
authorized domain list;

means for performing a table lookup based on said domain name to obtain a tunnel ID
when said domain name is authorized; and 
assigning said tunnel ID; and 
means for authorizing subscriber access to said domain when said domain identifier is 
included in said list, wherein said L2TP session is forwarded onto a tunnel associated 
with said tunnel ID when said subscriber is authorized to access said domain. 

71. (Previously Presented) The apparatus of claim 70 wherein said virtual circuit identifier 
comprises a VPI/VCI identifier.
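
The two table lookups recited in claims 65 and 70 (virtual circuit identifier to authorized domain list, then domain name to tunnel ID) can be sketched as follows. This is an added illustration, not part of the application as filed; the table contents, the "user@domain" format, the function names, and the refusal of sessions that carry no domain identifier are assumptions.

```python
from typing import NamedTuple, Optional


class Decision(NamedTuple):
    authorized: bool
    tunnel_id: Optional[int]
    reason: str


# Constructed sample tables; the VPI/VCI pairs, domains and tunnel IDs are hypothetical.
AUTHORIZED_DOMAINS = {  # virtual circuit identifier (VPI, VCI) -> authorized domain list
    (0, 32): {"corp.example", "isp.example"},
    (0, 33): {"isp.example"},
}
TUNNEL_IDS = {"corp.example": 101, "isp.example": 102}  # domain name -> tunnel ID


def domain_of(username: str) -> Optional[str]:
    """Extract the optional domain identifier from 'user@domain' (assumed format)."""
    _, sep, domain = username.rpartition("@")
    # Normalize so 'CORP.Example.' and 'corp.example' match the same list entry.
    domain = domain.strip().rstrip(".").lower()
    return domain if sep and domain else None


def authorize(vc: tuple, username: str) -> Decision:
    """Decide using the list bound to the receiving virtual circuit."""
    allowed = AUTHORIZED_DOMAINS.get(vc)
    if allowed is None:
        # Unknown circuit: no list exists, so nothing can be authorized.
        return Decision(False, None, "no authorized domain list for virtual circuit")
    domain = domain_of(username)
    if domain is None:
        # Assumption: a session without a domain identifier is refused.
        return Decision(False, None, "no domain identifier")
    if domain not in allowed:
        return Decision(False, None, "domain not in authorized domain list")
    # Second lookup happens only after the domain has been authorized.
    tunnel_id = TUNNEL_IDS.get(domain)
    if tunnel_id is None:
        return Decision(False, None, "no tunnel for authorized domain")
    return Decision(True, tunnel_id, "authorized")
```

The authorization key is the circuit on which the session arrived, which the subscriber does not choose, so a subscriber who types another customer's domain name is still limited to the list provisioned for that circuit.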